Merge branch 'main' into feat/add-job-skipper

Signed-off-by: Prasanth Baskar <bupdprasanth@gmail.com>

.github/workflows/housekeeping-stale-issues-prs.yaml

@@ -7,7 +7,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v9.0.0
+      - uses: actions/stale@v9.1.0
         with:
           stale-issue-message: 'This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.'
           stale-pr-message: 'This PR is being marked stale due to a period of inactivty. If this PR is still relevant, please comment or remove the stale label. Otherwise, this PR will close in 30 days.'

Makefile

@@ -79,7 +79,8 @@ REGISTRYPROJECTNAME=goharbor
 DEVFLAG=true
 TRIVYFLAG=false
 HTTPPROXY=
-BUILDBIN=true
+BUILDREG=true
+BUILDTRIVYADP=true
 NPM_REGISTRY=https://registry.npmjs.org
 BUILDTARGET=build
 GEN_TLS=
@@ -104,8 +105,9 @@ PREPARE_VERSION_NAME=versions
 
 #versions
 REGISTRYVERSION=v2.8.3-patch-redis
-TRIVYVERSION=v0.56.1
-TRIVYADAPTERVERSION=v0.32.0-rc.1
+TRIVYVERSION=v0.58.2
+TRIVYADAPTERVERSION=v0.32.3
+NODEBUILDIMAGE=node:16.18.0
 
 # version of registry for pulling the source code
 REGISTRY_SRC_TAG=v2.8.3
@@ -282,16 +284,16 @@ endef
 
 # lint swagger doc
 SPECTRAL_IMAGENAME=$(IMAGENAMESPACE)/spectral
-SPECTRAL_VERSION=v6.11.1
-SPECTRAL_IMAGE_BUILD_CMD=${DOCKERBUILD} -f ${TOOLSPATH}/spectral/Dockerfile --build-arg GOLANG=${GOBUILDIMAGE} --build-arg SPECTRAL_VERSION=${SPECTRAL_VERSION} -t ${SPECTRAL_IMAGENAME}:$(SPECTRAL_VERSION) .
+SPECTRAL_VERSION=v6.14.2
+SPECTRAL_IMAGE_BUILD_CMD=${DOCKERBUILD} -f ${TOOLSPATH}/spectral/Dockerfile --build-arg NODE=${NODEBUILDIMAGE} --build-arg SPECTRAL_VERSION=${SPECTRAL_VERSION} -t ${SPECTRAL_IMAGENAME}:$(SPECTRAL_VERSION) .
 SPECTRAL=$(RUNCONTAINER) $(SPECTRAL_IMAGENAME):$(SPECTRAL_VERSION)
 
 lint_apis:
 	$(call prepare_docker_image,${SPECTRAL_IMAGENAME},${SPECTRAL_VERSION},${SPECTRAL_IMAGE_BUILD_CMD})
 	$(SPECTRAL) lint ./api/v2.0/swagger.yaml
 
 SWAGGER_IMAGENAME=$(IMAGENAMESPACE)/swagger
-SWAGGER_VERSION=v0.25.0
+SWAGGER_VERSION=v0.31.0
 SWAGGER=$(RUNCONTAINER) ${SWAGGER_IMAGENAME}:${SWAGGER_VERSION}
 SWAGGER_GENERATE_SERVER=${SWAGGER} generate server --template-dir=$(TOOLSPATH)/swagger/templates --exclude-main --additional-initialism=CVE --additional-initialism=GC --additional-initialism=OIDC
 SWAGGER_IMAGE_BUILD_CMD=${DOCKERBUILD} -f ${TOOLSPATH}/swagger/Dockerfile --build-arg GOLANG=${GOBUILDIMAGE} --build-arg SWAGGER_VERSION=${SWAGGER_VERSION} -t ${SWAGGER_IMAGENAME}:$(SWAGGER_VERSION) .
@@ -312,7 +314,7 @@ gen_apis: lint_apis
 
 
 MOCKERY_IMAGENAME=$(IMAGENAMESPACE)/mockery
-MOCKERY_VERSION=v2.46.2
+MOCKERY_VERSION=v2.51.0
 MOCKERY=$(RUNCONTAINER)/src ${MOCKERY_IMAGENAME}:${MOCKERY_VERSION}
 MOCKERY_IMAGE_BUILD_CMD=${DOCKERBUILD} -f ${TOOLSPATH}/mockery/Dockerfile --build-arg GOLANG=${GOBUILDIMAGE} --build-arg MOCKERY_VERSION=${MOCKERY_VERSION} -t ${MOCKERY_IMAGENAME}:$(MOCKERY_VERSION) .
 
@@ -387,11 +389,11 @@ build:
 		echo Should pull base images from registry in docker configuration since no base images built. ; \
 		exit 1; \
 	fi
-	make -f $(MAKEFILEPATH_PHOTON)/Makefile $(BUILDTARGET) -e DEVFLAG=$(DEVFLAG) -e GOBUILDIMAGE=$(GOBUILDIMAGE) \
+	make -f $(MAKEFILEPATH_PHOTON)/Makefile $(BUILDTARGET) -e DEVFLAG=$(DEVFLAG) -e GOBUILDIMAGE=$(GOBUILDIMAGE) -e NODEBUILDIMAGE=$(NODEBUILDIMAGE) \
 	 -e REGISTRYVERSION=$(REGISTRYVERSION) -e REGISTRY_SRC_TAG=$(REGISTRY_SRC_TAG)  -e DISTRIBUTION_SRC=$(DISTRIBUTION_SRC)\
 	 -e TRIVYVERSION=$(TRIVYVERSION) -e TRIVYADAPTERVERSION=$(TRIVYADAPTERVERSION) \
 	 -e VERSIONTAG=$(VERSIONTAG) \
-	 -e BUILDBIN=$(BUILDBIN) \
+	 -e BUILDREG=$(BUILDREG) -e BUILDTRIVYADP=$(BUILDTRIVYADP) \
 	 -e NPM_REGISTRY=$(NPM_REGISTRY) -e BASEIMAGETAG=$(BASEIMAGETAG) -e IMAGENAMESPACE=$(IMAGENAMESPACE) -e BASEIMAGENAMESPACE=$(BASEIMAGENAMESPACE) \
 	 -e REGISTRYURL=$(REGISTRYURL) \
 	 -e TRIVY_DOWNLOAD_URL=$(TRIVY_DOWNLOAD_URL) -e TRIVY_ADAPTER_DOWNLOAD_URL=$(TRIVY_ADAPTER_DOWNLOAD_URL) \

api/v2.0/swagger.yaml

@@ -997,12 +997,6 @@ paths:
           type: boolean
           required: false
           default: false
-        - name: with_signature
-          in: query
-          description: Specify whether the signature is included inside the tags of the returning artifacts. Only works when setting "with_tag=true"
-          type: boolean
-          required: false
-          default: false
         - name: with_immutable_status
           in: query
           description: Specify whether the immutable status is included inside the tags of the returning artifacts. Only works when setting "with_immutable_status=true"
@@ -1313,12 +1307,6 @@ paths:
         - $ref: '#/parameters/sort'
         - $ref: '#/parameters/page'
         - $ref: '#/parameters/pageSize'
-        - name: with_signature
-          in: query
-          description: Specify whether the signature is included inside the returning tags
-          type: boolean
-          required: false
-          default: false
         - name: with_immutable_status
           in: query
           description: Specify whether the immutable status is included inside the returning tags
@@ -6952,6 +6940,7 @@ definitions:
         description: The operation's detail description
       operation_result:
         type: boolean
+        x-omitempty: false
         description: the operation's result, true for success, false for fail
       op_time:
         type: string

make/photon/Makefile

@@ -122,7 +122,7 @@ _build_db:
 _build_portal:
 	@$(call _build_base,$(PORTAL),$(DOCKERFILEPATH_PORTAL))
 	@echo "building portal container for photon..."
-	$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) --build-arg npm_registry=$(NPM_REGISTRY) -f $(DOCKERFILEPATH_PORTAL)/$(DOCKERFILENAME_PORTAL) -t $(DOCKERIMAGENAME_PORTAL):$(VERSIONTAG) .
+	$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) --build-arg NODE=${NODEBUILDIMAGE} --build-arg npm_registry=$(NPM_REGISTRY) -f $(DOCKERFILEPATH_PORTAL)/$(DOCKERFILENAME_PORTAL) -t $(DOCKERIMAGENAME_PORTAL):$(VERSIONTAG) .
 	@echo "Done."
 
 _build_core:
@@ -149,7 +149,7 @@ _build_trivy_adapter:
 		rm -rf $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary && mkdir -p $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary ; \
 		echo "Downloading Trivy scanner $(TRIVYVERSION)..." ; \
 		$(call _extract_archive, $(TRIVY_DOWNLOAD_URL), $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary/) ; \
-		if [ "$(BUILDBIN)" != "true" ] ; then \
+		if [ "$(BUILDTRIVYADP)" != "true" ] ; then \
 			echo "Downloading Trivy adapter $(TRIVYADAPTERVERSION)..." ; \
 			$(call _extract_archive, $(TRIVY_ADAPTER_DOWNLOAD_URL), $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary/) ; \
 		else \
@@ -174,7 +174,7 @@ _build_nginx:
 
 _build_registry:
 	@$(call _build_base,$(REGISTRY),$(DOCKERFILEPATH_REG))
-	@if [ "$(BUILDBIN)" != "true" ] ; then \
+	@if [ "$(BUILDREG)" != "true" ] ; then \
 		rm -rf $(DOCKERFILEPATH_REG)/binary && mkdir -p $(DOCKERFILEPATH_REG)/binary && \
 		$(call _get_binary, $(REGISTRYURL), $(DOCKERFILEPATH_REG)/binary/registry); \
 	else \
@@ -205,7 +205,7 @@ _build_standalone_db_migrator:
 _compile_and_build_exporter:
 	@$(call _build_base,$(EXPORTER),$(DOCKERFILEPATH_EXPORTER))
 	@echo "compiling and building image for exporter..."
-	@$(DOCKERCMD) build --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) --build-arg build_image=$(GOBUILDIMAGE) -f ${DOCKERFILEPATH_EXPORTER}/${DOCKERFILENAME_EXPORTER} -t $(DOCKERIMAGENAME_EXPORTER):$(VERSIONTAG) .
+	@$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) --build-arg build_image=$(GOBUILDIMAGE) -f ${DOCKERFILEPATH_EXPORTER}/${DOCKERFILENAME_EXPORTER} -t $(DOCKERIMAGENAME_EXPORTER):$(VERSIONTAG) .
 	@echo "Done."
 
 define _extract_archive

make/photon/portal/Dockerfile

@@ -1,6 +1,7 @@
 ARG harbor_base_image_version
 ARG harbor_base_namespace
-FROM node:16.18.0 as nodeportal
+ARG NODE
+FROM ${NODE} as nodeportal
 
 WORKDIR /build_dir
 

src/.mockery.yaml

@@ -462,6 +462,16 @@ packages:
       DAO:
         config:
           dir: testing/pkg/audit/dao
+  github.com/goharbor/harbor/src/pkg/auditext:
+    interfaces:
+      Manager:
+        config:
+          dir: testing/pkg/auditext
+  github.com/goharbor/harbor/src/pkg/auditext/dao:
+    interfaces:
+      DAO:
+        config:
+          dir: testing/pkg/auditext/dao
   github.com/goharbor/harbor/src/pkg/systemartifact:
     interfaces:
       Manager:

src/common/rbac/project/rbac_role.go

@@ -127,8 +127,6 @@ var (
 
 			{Resource: rbac.ResourceMetadata, Action: rbac.ActionRead},
 
-			{Resource: rbac.ResourceLog, Action: rbac.ActionList},
-
 			{Resource: rbac.ResourceQuota, Action: rbac.ActionRead},
 
 			{Resource: rbac.ResourceLabel, Action: rbac.ActionCreate},
@@ -199,8 +197,6 @@ var (
 			{Resource: rbac.ResourceMember, Action: rbac.ActionRead},
 			{Resource: rbac.ResourceMember, Action: rbac.ActionList},
 
-			{Resource: rbac.ResourceLog, Action: rbac.ActionList},
-
 			{Resource: rbac.ResourceLabel, Action: rbac.ActionRead},
 			{Resource: rbac.ResourceLabel, Action: rbac.ActionList},
 
@@ -254,8 +250,6 @@ var (
 			{Resource: rbac.ResourceMember, Action: rbac.ActionRead},
 			{Resource: rbac.ResourceMember, Action: rbac.ActionList},
 
-			{Resource: rbac.ResourceLog, Action: rbac.ActionList},
-
 			{Resource: rbac.ResourceLabel, Action: rbac.ActionRead},
 			{Resource: rbac.ResourceLabel, Action: rbac.ActionList},
 

src/common/utils/utils.go

@@ -337,3 +337,13 @@ func MostMatchSorter(a, b string, matchWord string) bool {
 func IsLocalPath(path string) bool {
 	return len(path) == 0 || (strings.HasPrefix(path, "/") && !strings.HasPrefix(path, "//"))
 }
+
+// StringInSlice check if the string is in the slice
+func StringInSlice(str string, slice []string) bool {
+	for _, s := range slice {
+		if s == str {
+			return true
+		}
+	}
+	return false
+}

src/controller/event/handler/auditlog/auditlog.go

@@ -16,12 +16,14 @@ package auditlog
 
 import (
 	"context"
+	"fmt"
 
 	"github.com/goharbor/harbor/src/controller/event"
+	evtModel "github.com/goharbor/harbor/src/controller/event/model"
 	"github.com/goharbor/harbor/src/lib/config"
 	"github.com/goharbor/harbor/src/lib/log"
-	"github.com/goharbor/harbor/src/pkg/audit"
-	am "github.com/goharbor/harbor/src/pkg/audit/model"
+	"github.com/goharbor/harbor/src/pkg/auditext"
+	am "github.com/goharbor/harbor/src/pkg/auditext/model"
 )
 
 // Handler - audit log handler
@@ -30,7 +32,7 @@ type Handler struct {
 
 // AuditResolver - interface to resolve to AuditLog
 type AuditResolver interface {
-	ResolveToAuditLog() (*am.AuditLog, error)
+	ResolveToAuditLog() (*am.AuditLogExt, error)
 }
 
 // Name ...
@@ -40,13 +42,12 @@ func (h *Handler) Name() string {
 
 // Handle ...
 func (h *Handler) Handle(ctx context.Context, value interface{}) error {
-	var auditLog *am.AuditLog
 	var addAuditLog bool
 	switch v := value.(type) {
 	case *event.PushArtifactEvent, *event.DeleteArtifactEvent,
 		*event.DeleteRepositoryEvent, *event.CreateProjectEvent, *event.DeleteProjectEvent,
 		*event.DeleteTagEvent, *event.CreateTagEvent,
-		*event.CreateRobotEvent, *event.DeleteRobotEvent:
+		*event.CreateRobotEvent, *event.DeleteRobotEvent, *evtModel.CommonEvent:
 		addAuditLog = true
 	case *event.PullArtifactEvent:
 		addAuditLog = !config.PullAuditLogDisable(ctx)
@@ -56,14 +57,13 @@ func (h *Handler) Handle(ctx context.Context, value interface{}) error {
 
 	if addAuditLog {
 		resolver := value.(AuditResolver)
-		al, err := resolver.ResolveToAuditLog()
+		auditLog, err := resolver.ResolveToAuditLog()
 		if err != nil {
 			log.Errorf("failed to handler event %v", err)
 			return err
 		}
-		auditLog = al
-		if auditLog != nil {
-			_, err := audit.Mgr.Create(ctx, auditLog)
+		if auditLog != nil && config.AuditLogEventEnabled(ctx, fmt.Sprintf("%v_%v", auditLog.Operation, auditLog.ResourceType)) {
+			_, err := auditext.Mgr.Create(ctx, auditLog)
 			if err != nil {
 				log.Debugf("add audit log err: %v", err)
 			}

src/controller/event/handler/init.go

@@ -67,6 +67,7 @@ func init() {
 	_ = notifier.Subscribe(event.TopicDeleteTag, &auditlog.Handler{})
 	_ = notifier.Subscribe(event.TopicCreateRobot, &auditlog.Handler{})
 	_ = notifier.Subscribe(event.TopicDeleteRobot, &auditlog.Handler{})
+	_ = notifier.Subscribe(event.TopicCommonEvent, &auditlog.Handler{})
 
 	// internal
 	_ = notifier.Subscribe(event.TopicPullArtifact, &internal.ArtifactEventHandler{})

src/controller/event/metadata/commonevent/model.go

@@ -0,0 +1,91 @@
+// Copyright Project Harbor Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package commonevent
+
+import (
+	"context"
+	"regexp"
+	"sync"
+
+	"github.com/goharbor/harbor/src/pkg/notifier/event"
+)
+
+// Resolver the interface to resolve Metadata to CommonEvent
+type Resolver interface {
+	Resolve(*Metadata, *event.Event) error
+	PreCheck(ctx context.Context, url string, method string) (bool, string)
+}
+
+var urlResolvers = map[string]Resolver{}
+
+var mu = &sync.Mutex{}
+
+// RegisterResolver register a resolver for a specific URL pattern
+func RegisterResolver(urlPattern string, resolver Resolver) {
+	mu.Lock()
+	urlResolvers[urlPattern] = resolver
+	mu.Unlock()
+}
+
+// Resolvers get map of resolvers
+func Resolvers() map[string]Resolver {
+	return urlResolvers
+}
+
+// Metadata the raw data of event
+type Metadata struct {
+	// Ctx ...
+	Ctx context.Context
+	// Username requester username
+	Username string
+	// RequestPayload http request payload
+	RequestPayload string
+	// RequestMethod
+	RequestMethod string
+	// ResponseCode response code
+	ResponseCode int
+	// RequestURL request URL
+	RequestURL string
+	// IPAddress IP address of the request
+	IPAddress string
+	// ResponseLocation response location
+	ResponseLocation string
+	// ResourceName resource name
+	ResourceName string
+	// Payload request payload
+	Payload string
+}
+
+// Resolve parse the audit information from CommonEventMetadata
+func (c *Metadata) Resolve(event *event.Event) error {
+	for url, r := range Resolvers() {
+		p := regexp.MustCompile(url)
+		if p.MatchString(c.RequestURL) {
+			return r.Resolve(c, event)
+		}
+	}
+	return nil
+}
+
+// PreCheck check if current event is matched and return the prefetched resource name when it is delete operation
+func (c *Metadata) PreCheckMetadata() (bool, string) {
+	for urlPattern, r := range Resolvers() {
+		p := regexp.MustCompile(urlPattern)
+		if p.MatchString(c.RequestURL) {
+			return r.PreCheck(c.Ctx, c.RequestURL, c.RequestMethod)
+		}
+	}
+	return false, ""
+}